-1

Wouldn't AES be more secure at securing passwords when storing them in a database, compared to using salts. Note: Not concerned with performance, only security. Which one would be more secure. Also, wouldn't it be better to then store the key for encryption, any encryption in another database server, encrypted obviously.

Ramonster
  • 444
  • 4
  • 15
  • Which RDBMS are you using? – Tab Alleman Feb 09 '15 at 14:04
  • The RDBMS I'm using is MySQL. – Ramonster Feb 09 '15 at 14:14
  • 1
    Then, please remove sql-server tag – Jesús López Feb 09 '15 at 14:18
  • Salts are not created automatically, and it cannot be done on create table statement. Usually, client applications create salt and password hashes – Jesús López Feb 09 '15 at 14:19
  • 1
    'Usually' you'd create a salt in the application hash the plaintext with the salt and send the resulting hash and salt to be persisted in the database. Why do you need to do this at a database level? You can find many examples and blogs on creating a salts and hasing in most languages by simply searching the web. – T I Feb 09 '15 at 14:23
  • I'm trying to develop a secure database architecture for storing credentials using MySQL. I was hoping that MySQL could create salts, there must be a way, since there are a number of cryptographic functions available for MySQL. – Ramonster Feb 09 '15 at 14:46
  • I know that is what you would normally do, but could you, as in, is it possible to create random salts using just MySQL. – Ramonster Feb 09 '15 at 19:39
  • I'm voting to close this question as off-topic because this is about cryptography without directly involving programming. – Artjom B. Feb 11 '15 at 21:25

1 Answers1

5

No. If you encrypt the password with a key, and an attacker steals the table of encrypted passwords and the key, he can discover all of your users' passwords and use them to log into your system (and all of the other systems where the user has selected the same password). This isn't secure.

If you properly "hash" the passwords, there is no key or shortcut that will allow the attacker to recover the password from the authentication table. That hashing function cannot be inverted like a cipher.

erickson
  • 265,237
  • 58
  • 395
  • 493
  • In addition there are grave legal reasons why you shouldn't be able to access your users' passwords. See my answer [here](http://stackoverflow.com/questions/2283937/how-should-i-ethically-approach-user-password-storage-for-later-plaintext-retrie/2287672#2287672). – user207421 Feb 11 '15 at 01:10
  • but if the password isn't great, I'm not just talking about 'password123', but even passwords such as 'qeadzcwrsfxv1331' isn't great either. Salting does help for rainbow tables, but brute-force doesn't need rainbow tables Even with stronger hashes, e.g. SHA2, still vulnerable because they are one-way. Plus, salts are generally left in plaintext. Instead, use a proper random and long salt, but then encrypt that salt using AES. But again, the trouble is still keeping the key a secret, but it's still way better then just using a non-random salt, like most salts are. – Ramonster Feb 11 '15 at 14:14
  • Here's a few links to look at. http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/ http://arstechnica.com/security/2012/12/25-gpu-cluster-cracks-every-standard-windows-password-in-6-hours/ – Ramonster Feb 11 '15 at 14:16
  • @Ramonster To defend against brute force, iteration of the hash is used. Yes, indeed, the salt must be random, which is simple to achieve (far simpler than keeping a secret that has to be available to the running process and insiders). The answer to this question is to choose from scrypt, bcrypt, or PBKDF2, in descending order of preference. Users are trusting you to store their password in an unrecoverable form. Reversible encryption does not fulfill that obligation. – erickson Feb 11 '15 at 14:26
  • True, but I'm saying that the password should be encrypted using symmetric encryption, but instead the salt should be encrypted. And the Password will always be recoverable to a certain degree. – Ramonster Feb 11 '15 at 14:35
  • 1
    @Ramonster QFT "I am saying that the password should be encrypted using symmetric encryption..." No, this is dangerous and wrong. I have previously read the first article you cited, and even they recommend the three algorithms I listed. – erickson Feb 11 '15 at 14:38